Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed UBTRIPPIN travel-management skill with sensitive but purpose-aligned account, travel, email-forwarding, webhook, and billing features.

Install only if you trust UBTRIPPIN with your travel records, loyalty numbers, booking emails, ticket PDFs, family/collaborator information, and related account data. Store the API key only in protected secrets/config, not shared plaintext files, and require explicit confirmation before forwarding emails, exporting loyalty data, deleting or merging records, sharing trips or family access, creating webhooks or calendar links, or starting billing/checkout flows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs the agent to use an email-sending capability to forward user booking emails and attachments to an external address, which expands behavior beyond the declared API-based scope. This creates a real data-exfiltration and consent risk because full booking emails and PDFs can contain sensitive travel, identity, and payment-related information.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Webhook creation and testing allow the skill to trigger outbound requests to arbitrary URLs unrelated to the core travel-management purpose described in the manifest. In an agent setting, this can be abused for SSRF-like behavior, covert data exfiltration, internal network targeting, or unauthorized interaction with third-party systems.

Description-Behavior Mismatch

Medium
Confidence
85% confidence
Finding
The manifest frames the skill as travel management, but the documented API also includes billing portal access, pricing, and checkout session creation. This scope expansion matters because payment-related actions are more sensitive and can surprise users or enable unauthorized subscription and billing changes if the agent is over-trusted.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README tells users to store a UBTRIPPIN API key in agent config or TOOLS.md but provides no warning that the key is sensitive or guidance on secure storage. In an agent ecosystem, documentation files and configs are often shared, committed, or exposed to other tools, so this can lead to credential leakage and unauthorized access to the user's travel data and account actions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documentation includes a bearer token format example directly in the auth line, which normalizes handling of live-looking credentials and may lead users or downstream agents to paste or reuse real API keys in prompts, logs, or code. In a travel-management skill that accesses trips, loyalty data, family travel, and tickets, exposure of a UBTRIPPIN API key could enable unauthorized access to sensitive itinerary and personal travel information.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The workflow tells the agent or user to forward complete booking emails and PDF attachments to an external service without a clear warning about what data will be transmitted. Because travel confirmations often contain names, booking references, itinerary details, and other sensitive metadata, the omission increases privacy and informed-consent risk.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The skill documents destructive deletion actions for trips and related objects without cautioning the agent to confirm user intent or explain permanence. In an agent context, this increases the chance of accidental or prompt-induced data loss involving travel itineraries and related records.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill instructs an agent to forward booking confirmation emails and PDF attachments to an external address, which can contain sensitive personal and travel data such as full names, itineraries, booking references, loyalty numbers, and ticket documents. Although this is core to the feature, the documentation does not require explicit user consent at the moment of transfer, data-minimization guidance, or a privacy warning, which increases the risk of oversharing or unauthorized disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.
